CertiK has reported that crypto losses from hacks and exploits have fallen to $68.3 million in May, nearly 90% lower than the roughly $650 million stolen in April.
Summary
- Crypto losses fell to $68.3 million in May, nearly 90% lower than the roughly $650 million recorded in April, according to CertiK.
- Verus Protocol and THORChain suffered the two largest exploits of the month, with combined losses exceeding $21 million.
- CertiK reported a rise in AI-assisted malware activity as attackers targeted code repositories and AI coding tools.
According to blockchain security firm CertiK, May became the third month of 2026 to record less than $100 million in crypto-related losses after attackers stole $68.3 million through exploits, scams, and security breaches.
The figure comes after a difficult April, when losses surged to around $650 million. CertiK noted that, excluding the $1.5 billion Bybit hack in February 2025, April recorded the highest monthly losses since March 2022. A $291 million exploit targeting Kelp DAO accounted for the largest incident that month.
While losses declined sharply in May, several major attacks still affected the sector. Data from CertiK shows that an exploit targeting Verus Protocol’s cross-chain bridge on May 18 resulted in $11.5 million in losses, making it the largest incident of the month. An attack on THORChain followed with roughly $10.1 million stolen from the protocol.
A breakdown of the data shows that code vulnerabilities remained the most expensive attack vector. CertiK reported that flaws in protocol code accounted for approximately $45 million in losses, representing about 66% of the month’s total. Wallet and private key compromises ranked second, with attackers stealing $13.7 million through those incidents.
Cross-chain infrastructure continued to attract significant attention from attackers. According to CertiK, cross-chain bridge exploits caused $28.6 million in losses during May, or roughly 42% of the monthly total, placing them ahead of decentralized finance protocols among the most targeted sectors.
Data from DeFiLlama recorded 29 security incidents during the month, including seven cases involving compromised private keys.Â
Among the most recent attacks were exploits affecting Alephium Bridge and Gravity Bridge on May 30. Data shows that the incidents led to losses of approximately $815,000 and $5.4 million, respectively, after attackers gained access to private keys.
AI-powered attacks add to security concerns
Even as total losses declined, security researchers continue to warn about changes in attacker tactics.
In April, CertiK senior blockchain investigator Natalie Newson warned that threat actors were increasingly combining social engineering, phishing campaigns, supply-chain compromises, and cross-chain vulnerabilities to execute large-scale attacks. Newson also warned that artificial intelligence tools were making cybercrime operations more sophisticated and easier to scale.
CertiK’s latest findings suggest that trend is continuing. The company reported that AI-assisted malware activity increased in May, with attackers targeting both crypto developers and AI developers by compromising code repositories and manipulating AI coding assistants.
Newson previously said that tools capable of creating realistic deepfakes, autonomous attack agents, and software that can identify vulnerabilities and generate exploit code are becoming more accessible.Â
According to CertiK, such capabilities are adding new risks at a time when attackers are already exploiting weaknesses in cross-chain systems and private key management.
In the meantime, CertiK has advised users to remain cautious of phishing attempts, verify the authenticity of websites and smart contracts, and consider using cold wallets to reduce exposure of private keys during everyday operations.
